| Criterion | Role-based | Attribute-based | Token-based |
|---|---|---|---|
| Description | Employs pre-defined roles that each carry a specific set of privileges. To grant access, you give the object a role. | Uses policies defined over a set of selected attributes of the user, subject, resource, environment, and so on. | Uses a communicable, unforgeable token of authority. The token references an object along with an associated set of access rights. |
| Scalability | Not scalable: pre-defining roles for billions of devices is not possible and will lead to many errors when assigning roles to fast-changing devices. | The access policies are defined on attributes, which is what makes the model scalable: in a complex system or with nested policies, the more granular the system is, the more efficiently it can handle billions of devices. | Scalability is made possible by providing tokens only (managing tokens is easier and more efficient), but it can be a problem for complex systems (many components), where a user may handle tens of tokens, each representing an access right. |
| Heterogeneity | Moderate | High | High |
| Dynamicity | Low (a role is not dynamic: it is pre-defined, and changing a role affects all the associated devices) | High (the access policies are defined by a set of conditions, which makes them dynamic and more robust to changes) | Moderate (every time the policy changes, the token has to change as well) |
| Lightweight | Moderate | Moderate | High |
| Flexibility | Moderate | High | High |
| Granularity | Low | High | Moderate |
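
The three descriptions and the Dynamicity row, sketched as an added Python example that is not part of the original page. The role table, the attribute names, the device name `lamp-17`, the HMAC-based token format and `ISSUER_KEY` are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"  # assumption: secret known only to the token issuer

# Role-based: privileges hang off pre-defined roles; access is granted by assigning a role.
ROLE_PRIVILEGES = {"sensor": {"read"}, "gateway": {"read", "write"}}

def rbac_allows(role, action):
    return action in ROLE_PRIVILEGES.get(role, set())

# Attribute-based: the policy is a condition over subject, resource and environment
# attributes, evaluated on every request.
def abac_allows(subject, resource, env, action):
    return (action == "read"
            and subject["owner"] == resource["owner"]
            and 8 <= env["hour"] < 18)

# Token-based: the token references an object and its access rights. The HMAC tag
# (an assumed mechanism) is what makes it unforgeable without the issuer's key.
def issue_token(obj, rights):
    body = json.dumps({"obj": obj, "rights": sorted(rights)}, sort_keys=True)
    tag = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag

def token_allows(token, obj, action):
    body, _, tag = token.rpartition(".")
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False  # rights were edited, or the token was not issued with our key
    claims = json.loads(body)
    return claims["obj"] == obj and action in claims["rights"]

def demo():
    subject, resource = {"owner": "alice"}, {"owner": "alice"}
    token = issue_token("lamp-17", {"read"})
    edited = token.replace('"read"', '"write"')  # holder alters rights, tag no longer matches
    return {
        # Same policy, different environment: the decision follows the attributes.
        "abac_day": abac_allows(subject, resource, {"hour": 10}, "read"),
        "abac_night": abac_allows(subject, resource, {"hour": 23}, "read"),
        # Rights are fixed in the token, so widening access means issuing a new one.
        "token_write": token_allows(token, "lamp-17", "write"),
        "edited_token_write": token_allows(edited, "lamp-17", "write"),
        "reissued_write": token_allows(issue_token("lamp-17", {"read", "write"}),
                                       "lamp-17", "write"),
        # Changing what "sensor" may do would change it for every device with that role.
        "rbac_sensor_write": rbac_allows("sensor", "write"),
    }
```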